- Fix sandbox copyfile when copying a dir with a socket, print error

policycoreutils-gui.patch

@@ -5783,8 +5783,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
 +</glade-project>
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.83/gui/polgengui.py
 --- nsapolicycoreutils/gui/polgengui.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.83/gui/polgengui.py	2010-08-05 17:40:33.000000000 -0400
++++ policycoreutils-2.0.83/gui/polgengui.py	2010-09-10 11:45:24.000000000 -0400
-@@ -0,0 +1,650 @@
+@@ -0,0 +1,657 @@
 +#!/usr/bin/python -Es
 +#
 +# polgengui.py - GUI for SELinux Config tool in system-config-selinux
@@ -5878,8 +5878,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +    
 +    def __init__(self):
 +        self.xml = xml
-+        self.all_types=polgen.get_all_types()
++        try:
-+        self.all_modules=polgen.get_all_modules()
++            self.all_types = polgen.get_all_types()
++            self.all_modules = polgen.get_all_modules()
++            self.all_roles = polgen.get_all_roles()
++            self.all_users = polgen.get_all_users()
++        except RuntimeError, e:
++            self.all_types = []
++            self.all_modules = []
++            self.all_roles = []
++            self.all_users = []
++            self.error(str(e))
++
 +        self.name=""
 +        xml.signal_connect("on_delete_clicked", self.delete)
 +        xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
@@ -5970,13 +5980,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
 +        self.existing_user_treeview.append_column(col)
 +
-+        roles = polgen.get_all_roles()
++        for i in self.all_roles:
-+        for i in roles:
 +            iter = self.role_store.append()
 +            self.role_store.set_value(iter, 0, i[:-2])
 +
-+        self.types = polgen.get_all_types()
-+
 +        self.transition_treeview = self.xml.get_widget("transition_treeview")
 +        self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
 +        self.transition_treeview.set_model(self.transition_store)
@@ -5993,7 +6000,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
 +        self.user_transition_treeview.append_column(col)
 +
-+        for i in polgen.get_all_users():
++        for i in self.all_users:
 +            iter = self.user_transition_store.append()
 +            self.user_transition_store.set_value(iter, 0, i[:-2])
 +            iter = self.existing_user_store.append()
@@ -6010,7 +6017,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        for i in polgen.methods:
 +            m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) 
 +            if len(m) > 0:
-+                if "%s_exec_t" % m[0] in self.types:
++                if "%s_exec_t" % m[0] in self.all_types:
 +                    iter = self.transition_store.append()
 +                    self.transition_store.set_value(iter, 0, m[0])
 +                continue
@@ -6437,8 +6444,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +    app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.83/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.83/gui/polgen.py	2010-08-05 17:40:15.000000000 -0400
++++ policycoreutils-2.0.83/gui/polgen.py	2010-09-10 11:45:43.000000000 -0400
-@@ -0,0 +1,1309 @@
+@@ -0,0 +1,1318 @@
 +#!/usr/bin/python -Es
 +#
 +# Copyright (C) 2007-2010 Red Hat 
@@ -6638,6 +6645,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +                    self.ports = get_all_ports()
 +                except ValueError, e:
 +                    print "Can not get port types, must be root for this information"
++                except RuntimeError, e:
++                    print "Can not get port types", e
 +
 +                self.symbols = {} 
 +                self.symbols["openlog"] = "set_use_kerberos(True)"
@@ -6786,7 +6795,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +		self.transition_domains = []
 +		self.transition_users = []
 +                self.roles = []
-+                self.all_roles = get_all_roles()
 +
 +        def __isnetset(self, l):
 +            return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
@@ -7157,10 +7165,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +                    tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
 +                    newte += re.sub("APPLICATION", app, tmp)
 +
++                all_roles = []
++                try:
++                    all_roles = get_all_roles()
++                except ValueError, e:
++                    print "Can not get all roles, must be root for this information"
++                except RuntimeError, e:
++                    print "Can not get all roles", e
++
 +                for u in self.transition_users:
 +                    role = u.split("_u")[0]
 +                    
-+                    if (role + "_r") in self.all_roles:
++                    if (role + "_r") in all_roles:
 +                        tmp =  re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
 +                        newte += re.sub("USER", role, tmp)
 +

policycoreutils-rhat.patch

@@ -1647,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	@python test_sandbox.py -v
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-09 16:28:25.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-13 11:40:20.000000000 -0400
 @@ -1,5 +1,6 @@
 -#! /usr/bin/python -E
 +#! /usr/bin/python -Es
@@ -1704,16 +1704,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -83,7 +87,7 @@
+@@ -81,9 +85,10 @@
+                             shutil.copytree(file, dest)
+                      else:
                              shutil.copy2(file, dest)
++
                except shutil.Error, elist:
-                      for e in elist:
+-                     for e in elist:
 -                            sys.stderr.write(e[1])
-+                            sys.stderr.write(str(e[1]))
++                     for e in elist.message:
++                            sys.stderr.write(e[2])
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +165,10 @@
+@@ -161,10 +166,10 @@
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
@@ -1727,7 +1731,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +176,15 @@
+@@ -172,6 +177,15 @@
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1743,7 +1747,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -218,7 +231,7 @@
+@@ -218,7 +232,7 @@
  /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
  %s &
  WM_PID=$!
@@ -1752,7 +1756,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -230,9 +243,9 @@
+@@ -230,9 +244,9 @@
      def __parse_options(self):
          from optparse import OptionParser
          usage = _("""
@@ -1764,7 +1768,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  """)
          
          parser = OptionParser(version=self.VERSION, usage=usage)
-@@ -268,6 +281,10 @@
+@@ -268,6 +282,10 @@
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1775,7 +1779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +293,17 @@
+@@ -276,13 +294,17 @@
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1794,7 +1798,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -299,6 +320,9 @@
+@@ -299,6 +321,9 @@
                 self.__options.X_ind = True
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
@@ -1804,7 +1808,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          else:
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
-@@ -351,22 +375,24 @@
+@@ -351,22 +376,24 @@
  
      def __execute(self):
             try:

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 25%{?dist}
+Release: 27%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,7 +315,13 @@ fi
 exit 0
 
 %changelog
-* Thu Sep 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
+* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-27
+- Fix sandbox copyfile when copying a dir with a socket, print error
+
+* Fri Sep 10 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-26
+- Stop polgengui from crashing if selinux policy is not installed
+
+* Thu Sep 9 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
 - Fix bug preventing sandbox from using -l 
 
 * Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24